package com.shyroke.realms;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import com.shyroke.entity.Permission;
import com.shyroke.entity.Role;
import com.shyroke.entity.User;
import com.shyroke.mapper.UserMapper;

public class MyShiroRealm extends AuthorizingRealm {

	@Autowired
	private UserMapper userMapper;

	/**
	 * 授权
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
		
		//获取用户名
		String userName=principals.getPrimaryPrincipal().toString();
		
		//根据用户名获取角色集合和权限集合
		List<Role> roles=userMapper.selectRolesByUserName(userName);
		List<Permission> permissions=userMapper.selectpermissionByUserName(userName);
		
		List<String> roleList=new ArrayList<>();
		List<String> permissionList=new ArrayList<>();
		for(Role role:roles) {
			roleList.add(role.getRole());
		}
		
		for(Permission permission:permissions) {
			permissionList.add(permission.getPermission());
		}
		
		//将List转为Set
		Set<String> roleset=new HashSet<String>();
		roleset.addAll(roleList);
		Set<String> permissionSet=new HashSet<String>();
		permissionSet.addAll(permissionList);
		
		authorizationInfo.addRoles(roleset);
		authorizationInfo.addStringPermissions(permissionSet);
		
		return authorizationInfo;
	}

	/**
	 * 认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String username = (String) token.getPrincipal();
		String pwd = new String((char[]) token.getCredentials());
		User userInfo = userMapper.findByUsername(username);

		if (userInfo == null) {
			// 用户名不存在
			throw new UnknownAccountException("用户名错误");
		} else {
			// 用户名存在则判断密码
			userInfo = userMapper.findByPwd(username, pwd);

			if (userInfo == null) {
				throw new IncorrectCredentialsException(" 密码错误");
			} else if (userInfo.getState().equals("1")) {
				throw new LockedAccountException("账户被禁用");
			}

		}

		SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(userInfo.getUsername(), // 用户名
				userInfo.getPassword(), // 密码
				ByteSource.Util.bytes(userInfo.getUsername()+userInfo.getSalt()),
				getName() // realm name
		);
		return authenticationInfo;
	}
}
